feat(colmena/cobalt): configure soju & acme

author: sefidel <contact@sefidel.net> 2023-02-02 18:48:45 +0900
committer: sefidel <contact@sefidel.net> 2023-02-02 18:58:09 +0900
commit: 68e5d83b0b379fdca677cbd3221fa05fe5ec268f (patch)
tree: 9cf212cedc1b36da8366331581dc156efd39e559 /colmena/cobalt/services/soju.nix
parent: c551a417940f9c66b4346c5813c2550f06269380 (diff)
download: nixrc-68e5d83b0b379fdca677cbd3221fa05fe5ec268f.tar.gz
nixrc-68e5d83b0b379fdca677cbd3221fa05fe5ec268f.zip
1 files changed, 27 insertions, 0 deletions
diff --git a/colmena/cobalt/services/soju.nix b/colmena/cobalt/services/soju.nix
new file mode 100644
index 0000000..3e1e3fe
--- /dev/null
+++ b/colmena/cobalt/services/soju.nix
@@ -0,0 +1,27 @@
+{
+  services.soju = {
+    enable = true;
+    extraGroups = [ "acme" ];
+    hostName = "bouncer.sefidel.com";
+    listen = [
+      # ":6697"
+      "ircs://bouncer.sefidel.com:6697"
+    ];
+    tlsCertificate = "/var/lib/acme/sefidel.com/cert.pem";
+    tlsCertificateKey = "/var/lib/acme/sefidel.com/key.pem";
+  };
+
+  networking.firewall.allowedTCPPorts = [ 6697 ];
+
+  environment.persistence."/persist".directories = [
+    "/var/lib/private/soju"
+  ];
+
+  # TODO: remove this once merged
+  disabledModules = [ "services/networking/soju.nix" ];
+
+  imports = [
+    ./acme.nix
+    ../overlays/soju.nix
+  ];
+}
author	sefidel <contact@sefidel.net>	2023-02-02 18:48:45 +0900
committer	sefidel <contact@sefidel.net>	2023-02-02 18:58:09 +0900
commit	68e5d83b0b379fdca677cbd3221fa05fe5ec268f (patch)
tree	9cf212cedc1b36da8366331581dc156efd39e559 /colmena/cobalt/services/soju.nix
parent	c551a417940f9c66b4346c5813c2550f06269380 (diff)
download	nixrc-68e5d83b0b379fdca677cbd3221fa05fe5ec268f.tar.gz nixrc-68e5d83b0b379fdca677cbd3221fa05fe5ec268f.zip